Insights into the Evolving Needs of Canadian Internal Audits

Geoff Rodrigues, Mariesa Carbone
5192, 5258
13/03/2017

MNP-Body

​​​​​​​​​​​​​​MNP recently conducted a survey of Institute of Internal Auditor members to determine what the top challenges and trends internal auditors see ahead. We polled internal auditors serving a broad range of industries and sectors, including Crown corporations, government ministries, public and private corporations and post-secondary education institutions, to gain their insight.

Key Internal Audit Challenges

Not surprisingly, the biggest challenge voiced by the majority of the polled members was being able to do their job effectively, across the board. As the ones responsible to assess how each department within an organization is performing, having the capability to effectively audit all the subject areas in their universe – IT, cyber security, business continuity, fraud, procurement, risk management – ranked the highest.

Not far behind was ensuring auditors had the data analytics skills to effectively decipher and interpret mass amounts of data, followed by having an adequate budget and resources to accomplish their audit. Members with privately owned companies were the most concerned with cultural acceptance of governance, risk and control.

Top Three Planned Internal Audit Projects

​

Just over half (52 per cent) of the members polled– most of them in publicly traded companies - listed cyber security first in the top three projects out of 15 choices for the upcoming year. The cyber focus was on a range of topics, from conducting IT security audits, threat and risk assessments, testing how vulnerable critical units were to cyber breaches and how educated staff were to combating social cyber attacks such as phishing.

Overall, data analytics came in second, demonstrating organizations’ increased awareness of big data as a competitive tool. Third in line for planned projects in 2017 was evaluating the effectiveness of their enterprise or operational risk management programs.

It should be noted 55 per cent of member polled who worked with government agencies highlighted value for money as the focus of their top project in the survey, with private companies conhducting evaluations of their enterprise risk management programs in first place.

Meeting Audit Committee and Board Expectations

​

​​

Internal auditors often are not recognized for the critical role they play in ensuring an enterprise, organization or even government entity runs smoothly. And yet audit committees and senior executives often have high expectations for them. Members overwhelmingly picked providing assurance around how effective an organization’s programs, services and processes are as the top expectation for their function.

While internal auditors of publically traded entities ranked technology risks as second on their agenda, the other survey participants – including government ministries, Crown corporations and privately traded companies – rated providing enhanced reporting second on the list of senior executive expectations. Risk and controls advisory functions on special projects such as major business transformation, mergers and acquisitions or large IT projects, was the third most cited expectation.